Release v5.4.6

What's Changed

• Removes aliasing for namespaces that affected maven by @prabhu in #349

Full Changelog: v5.4.5...v5.4.6

Release v5.4.5

What's Changed

• fix: add reachable label when a purl does not have a vendor by @harshit-kochar in #345
• Do not suffix s for all pypi packages. Fixes #341 by @prabhu in #346

Full Changelog: v5.4.4...v5.4.5

Release v5.4.4

What's Changed

• Removed project alias for pypi which was resulting in FP by @prabhu in #342

Full Changelog: v5.4.3...v5.4.4

v5.4.3

Bump vdb version to get fixes for false positives.

Full Changelog: v5.4.2...v5.4.3

Release v5.4.2

What's Changed

• Fix for generic packages false positives by @prabhu in #322

Full Changelog: v5.4.1...v5.4.2

Release v5.4.1

Bump cdxgen version. Also disables cdxgen banner, since depscan has its own banner ;-)

Full Changelog: v5.4.0...v5.4.1

Release v5.4.0

Depscan container image is now based on almalinux 9.4 with python 3.12, so might be a breaking change for python scans. If your project requires an older version of Java or python, use the AppThreat base-images to generate an SBOM first, and then invoke depscan with the --bom argument.

We have also added support for malicious packages scanning.

What's Changed

• Feature/default risk audit by @prabhu in #311

Full Changelog: v5.3.5...v5.4.0

Release v5.3.5

What's Changed

• Update vdb. Fix version was missing for certain packages for osv by @prabhu in #306

Full Changelog: v5.3.4...v5.3.5

Release v5.3.4

What's Changed

• depscan was reporting redis:redis for pypi:redis by @prabhu in #302

Full Changelog: v5.3.3...v5.3.4

Release v5.3.3

Bump up cdxgen to 10.4.1

Full Changelog: v5.3.2...v5.3.3